[CLUE-Tech] turning on verbose logging for iptables?
David Anselmi
anselmi at americanisp.net
Wed Jul 17 18:28:39 MDT 2002
Dave Price wrote:
> Good morning!
>
> I have an iptables firewall running fine, and have a need to switch on
> verbose logging. I hope to see which ports are being used when I
> initiate an outbound connection to a vpn from a windows client behind
> the firewall.
I think you use the LOG target in iptables--don't know how that impacts
other rules or how easy it is to set up. It probably isn't designed for
what you want, and I don't know if there is debug-type logging where
netfilter just tells you what it's doing. That may be a compile-time thing.
To do what you want, I would use a sniffer. You could run it on the
firewall, either end of the VPN, or something on a common LAN segment
(on a hub, preferably). Ethereal is pretty easy to use and has a GUI;
tcpdump is command line. Set the sniffer up for just the source and dest
IPs you care about and it will show you all the ports and what they get
used for.
The first time I turned on tcpdump, I saw a continual ARP sweep by my
DSL modem. I assume that is part of its DHCP server but haven't dug
into it yet. At least now I know why the activity lights blink all the
time.
Dave
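Both approaches from the reply above, the LOG target and a filtered sniffer, worked through as an added example (this is not code from the original thread). Two facts worth knowing that the reply leaves open: LOG is a non-terminating target, so a packet that matches a LOG rule goes on to the next rule as if nothing happened, and the log lines land in the kernel log (typically /var/log/messages or /var/log/kern.log via klogd/syslog). The addresses 192.168.1.10 (the Windows client) and 203.0.113.5 (the VPN server), the interface names eth0/ppp0, the "VPN-OUT:"/"VPN-IN:" prefixes, and the sample log lines are all made up for the example; the sample mimics what a PPTP-style session (TCP 1723 plus GRE, IP protocol 47) would produce, and a real session may use different ports or protocols.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: client
# 192.168.1.10 on eth0, VPN server 203.0.113.5 reached via ppp0.

# 1. LOG target: record traffic between the client and the VPN server as it
#    crosses the FORWARD chain. LOG does not stop rule processing, so these
#    rules can sit in front of whatever ACCEPT already lets the traffic
#    through. The limit match keeps an active tunnel from flooding the
#    kernel log (it also means counts from the log are a lower bound).
#    Run as root on the firewall; not called below.
log_rules() {
    client=$1 vpn=$2
    iptables -I FORWARD -s "$client" -d "$vpn" -m limit --limit 10/min \
        -j LOG --log-prefix "VPN-OUT: " --log-level info
    iptables -I FORWARD -s "$vpn" -d "$client" -m limit --limit 10/min \
        -j LOG --log-prefix "VPN-IN: " --log-level info
}

# 2. Sniffer alternative: capture only packets between the two hosts on the
#    inside interface. -n suppresses reverse DNS lookups. Not called below.
sniff() {
    client=$1 vpn=$2
    tcpdump -n -i eth0 host "$client" and host "$vpn"
}

# 3. Reduce kernel LOG lines (read from stdin) to one line per
#    protocol / source / destination tuple with a hit count, so the ports
#    the VPN actually uses stand out. Entries without SPT/DPT (GRE, ESP,
#    ICMP) are keyed on the IP addresses alone.
summarize_ports() {
    awk '
    /PROTO=/ {
        proto = ""; src = ""; dst = ""; spt = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1)
            v = substr($i, n + 1)
            if (k == "PROTO") proto = v
            else if (k == "SRC") src = v
            else if (k == "DST") dst = v
            else if (k == "SPT") spt = v
            else if (k == "DPT") dpt = v
        }
        s = (spt == "") ? src : src ":" spt
        d = (dpt == "") ? dst : dst ":" dpt
        count[proto " " s " -> " d]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k 2
}

# Constructed sample of what the LOG rules above would write to the kernel
# log for a PPTP-style session: TCP control channel on 1723, then GRE.
SAMPLE='Jul 17 09:12:01 fw kernel: VPN-OUT: IN=eth0 OUT=ppp0 SRC=192.168.1.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1234 DF PROTO=TCP SPT=1025 DPT=1723 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 17 09:12:01 fw kernel: VPN-IN: IN=ppp0 OUT=eth0 SRC=203.0.113.5 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=54 ID=4321 DF PROTO=TCP SPT=1723 DPT=1025 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Jul 17 09:12:01 fw kernel: VPN-OUT: IN=eth0 OUT=ppp0 SRC=192.168.1.10 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1235 DF PROTO=TCP SPT=1025 DPT=1723 WINDOW=17520 RES=0x00 ACK URGP=0
Jul 17 09:12:02 fw kernel: VPN-OUT: IN=eth0 OUT=ppp0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=1236 DF PROTO=47
Jul 17 09:12:02 fw kernel: VPN-IN: IN=ppp0 OUT=eth0 SRC=203.0.113.5 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4322 DF PROTO=47
Jul 17 09:12:03 fw kernel: VPN-OUT: IN=eth0 OUT=ppp0 SRC=192.168.1.10 DST=203.0.113.5 LEN=76 TOS=0x00 PREC=0x00 TTL=127 ID=1237 DF PROTO=47'

# Stand-alone run: summarise the constructed sample. On a real firewall,
# feed it the kernel log instead, e.g. grep VPN- /var/log/messages | summarize_ports
printf '%s\n' "$SAMPLE" | summarize_ports
```

The summary makes the point the reply is driving at: what a firewall admin needs is not "what netfilter is doing" but the tuple list, and the same tuple list comes straight out of `tcpdump -n host A and host B` with no rule changes at all. If a protocol shows up with no SPT/DPT (GRE here), that is the hint that the VPN needs a protocol-level rule, not a port rule.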